SECURITY WARNING! – Heartbleed Bug

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. Writing about Heartbleed, security expert Bruce Schneier says “‘catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”

The Internet has a set of protocols for handling secure website traffic, commonly referred to as SSL (Secure Sockets Layer). One common implementation of this protocol is OpenSSL, which runs on around 66% of the web, including popular sites such as Gmail and Facebook.

Vulnerable versions of the OpenSSL software are now being patched with updates. You can check whether a site remains vulnerable by using the Heartbleed test website.

What is not clear at this stage is whether any sensitive information has been harvested. Lots of software packages began using the vulnerable version of OpenSSL in December 2011, so for two years any website that used this technology was susceptible. The nature of this particular bug prevents site administrators from detecting whether their sites were compromised during this time.

At this point there is no indication that hackers knew about the exploit before this week, and there have been no confirmed thefts of password lists. However, it is still a good idea to change all of your passwords, as information could have been harvested from vulnerable websites during this period.

Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable, and so will any new password you set there. Before changing your password on a service, it’s worth waiting until you have confirmed, using the Heartbleed test website mentioned above, that the service has patched its servers.

As always, a strong password is important, and the Heartbleed bug has also highlighted how important it is to use a different password on each website that you use.
